Author Topic: Kernel.filter help (atapi - P2ToLo-2 - PxHlpa64.sys possible malware or ignore)  (Read 5288 times)


April 10, 2015, 08:20:18 PM

kjm1755

A recent scan with RogueKiller orange-listed a kernel filter and I am not sure exactly how to continue. I have included the scan log. Would someone be able to take a look and make a suggestion on how to proceed? THANKS

RogueKiller V10.5.9.0 (x64) [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ken [Administrator]
Started from : C:\Users\Ken\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 04/10/2015  11:45:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\Drivers\PxHlpa64.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM501II ATA Device +++++
--- User ---
[MBR] 11f5a0872b4a537cd5290f5108ee56f4
[BSP] f471722293d46bef1de26ec6b25607e9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03102015_223405.log - RKreport_DEL_03102015_224020.log - RKreport_SCN_03112015_220550.log - RKreport_SCN_03162015_234326.log
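The Antirootkit line above is the only finding in the report, and the moderator's reply below says it is a false positive that will be whitelisted. The following Python is an added example (not RogueKiller's or Adlice's code) of how a defender can parse that Kernel.Filter line out of a RogueKiller text report and triage it against an allowlist. The allowlist, the section/line regexes, and the two extra report lines with `PxHlpa64.sys` in a non-standard directory and a placeholder driver name are all constructed assumptions for the example; the only real entry is the one quoted from this thread. The point it shows beyond the thread is that an allowlist keyed on the driver file name alone is weak, so the example also checks the directory the image loads from.

```python
"""Parse the Antirootkit section of a RogueKiller text report and triage
Kernel.Filter entries against a constructed allowlist of benign filter drivers."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Section header as RogueKiller prints it, e.g. "¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:")

# Kernel filter line (format taken from the report in this thread):
# [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\Drivers\PxHlpa64.sys)
FILTER_RE = re.compile(
    r"^\[Filter\(Kernel\.Filter\)\]\s+"
    r"(?P<target>\\Driver\\\S+)\s+@\s+(?P<device>\S+)\s+:\s+"
    r"(?P<filter_driver>\\Driver\\\S+)\s+@\s+(?P<owner>\S+)\s+\((?P<path>[^)]+)\)\s*$"
)


@dataclass(frozen=True)
class KernelFilter:
    target: str         # driver object being filtered, e.g. \Driver\atapi
    device: str         # device object the filter sits on
    filter_driver: str  # the filter driver object, e.g. \Driver\PxHlpa64
    owner: str          # owner RogueKiller resolved ("Unknown" in the thread)
    path: str           # image path of the filter driver


# Constructed allowlist (assumption): lower-cased image basename -> directory the
# image is expected to load from. PxHlpa64.sys is listed because the thread's
# moderator confirms that entry as a false positive.
ALLOWLIST = {
    "pxhlpa64.sys": r"\systemroot\system32\drivers",
}


def parse_kernel_filters(report: str) -> list[KernelFilter]:
    """Return every Kernel.Filter entry found inside the Antirootkit section."""
    section = None
    found: list[KernelFilter] = []
    for line in report.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").strip().lower()
            continue
        if section != "antirootkit":
            continue
        entry = FILTER_RE.match(line)
        if entry:
            found.append(KernelFilter(**entry.groupdict()))
    return found


def triage(entry: KernelFilter, allowlist: dict[str, str] = ALLOWLIST) -> str:
    """Classify one entry: known-benign only if both the name and its directory match."""
    directory, _, basename = entry.path.lower().rpartition("\\")
    expected_dir = allowlist.get(basename)
    if expected_dir is None:
        return "review: filter driver not on allowlist"
    if directory != expected_dir:
        return "review: allowlisted name loaded from unexpected path"
    return "known-benign"


def triage_report(report: str) -> list[tuple[str, str]]:
    """Pair each parsed filter driver with its verdict."""
    return [(e.filter_driver, triage(e)) for e in parse_kernel_filters(report)]


# Constructed sample report: the first Kernel.Filter line is the one from this
# thread; the next two are made up to exercise the "review" branches.
SAMPLE_REPORT = r"""¤¤¤ Files : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\Drivers\PxHlpa64.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PxHlpa64 @ Unknown (C:\Temp\PxHlpa64.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T0L0-2 : \Driver\PlaceholderFlt @ Unknown (C:\Placeholder\PlaceholderFlt.sys)

¤¤¤ Web browsers : 0 ¤¤¤
"""

if __name__ == "__main__":
    for driver, verdict in triage_report(SAMPLE_REPORT):
        print(f"{driver}: {verdict}")
```

Only entries under the Antirootkit header are parsed, so the same regex will not match stray text elsewhere in a report; anything not on the allowlist, or on it but loading from somewhere other than the expected directory, is left for a human to review rather than silently accepted.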

Reply #1 - April 13, 2015, 06:11:36 PM

Curson

  • Global Moderator
Hi kjm1755,

Your report is clean.
This kernel filter is a false positive and it will be whitelisted in the next release of RogueKiller.
Thanks for bringing this to our attention.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.

Reply #2 - April 14, 2015, 11:48:45 PM

kjm1755

Thanks for looking and verifying. Glad to help add to the whitelist :)

Reply #3 - April 15, 2015, 12:02:39 PM

Curson

  • Global Moderator
Hi kjm1755,

You are very welcome.
Thanks for contributing to RogueKiller's improvement. :)

Regards.